CVE-2020-2004: DEPRECATED: Information Exposure Through Debug Log Files in Palo Alto Networks Globalprotect APP

Severity: 5.5 MEDIUM (NVD), 6.8 (CNA)
EPSS: 0.1% (top 82.00%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 13; Latest update May 24

Description

Under certain circumstances a user's password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as GlobalProtect Agent) for MacOS and Windows. For this issue to occur all of these conditions must be true: (1) 'Save User Credential' option should be set to 'Yes' in the GlobalProtect Portal's Agent configuration, (2) the GlobalProtect user manually selects a gateway, (3) and the logging level is set to 'Dump' w

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

NVD: paloaltonetworks/globalprotect 5.0.0 5.0.9 +1
CVEListV5: palo_alto_networks/globalprotect_app 5.0 5.0.9 +1

🔴 Vulnerability Details (2)

GHSA: GHSA-p45r-9639-7568: Under certain circumstances a user's password may be logged in cleartext in the PanGPS (2022-05-24)
CVEList: GlobalProtect App: Passwords may be logged in clear text while collecting troubleshooting logs (2020-05-13)

📋 Vendor Advisories (1)

Palo Alto: GlobalProtect App: Passwords may be logged in clear text while collecting troubleshooting logs (2020-05-13)

🕵️ Threat Intelligence (1)

Unit42: Threat Brief: Microsoft DNS Server Wormable Vulnerability CVE-2020-1350 (2020-07-21)
CVE-2020-2004 — Palo vulnerability | cvebase